XRUN Security Bounty reward payments are made at XRUN's sole
discretion and are based on the type of issue, the level of access
or execution achieved, and the quality of the report. A high-quality
research report is critical to help us confirm and address an issue
quickly, and could help you receive an Apple Security Bounty reward.
The examples shown for each category are representative of potential
XRUN Security Bounty payments. While we’re unable to anticipate
specific reward payments in advance, we consider every security
issue that has a significant impact on users for an XRUN Security
Bounty reward, even if it doesn’t match a published category.

| Products | Description | Reward Range | View Examples |
|---|---|---|---|
| Device attack via physical access | Lock Screen bypass | $5,000 - $100,000 | A "Device attack via physical access - Lock Screen bypass" refers to a security vulnerability where an attacker with physical access to a device (such as a smartphone, tablet, or computer) is able to bypass the lock screen and gain unauthorized access to the system. This type of exploit can occur through a flaw in the lock screen's security mechanisms, allowing attackers to bypass password, PIN, fingerprint, or other forms of authentication without proper authorization. |
| Device attack via physical access | User data extraction | $5,000 - $250,000 | A Device Attack physical access second .... |
| Device attack via user-installed app | Unauthorized access to sensitive data | $5,000 - $100,000 | Device attack user-installed app First |
| Device attack via user-installed app | Elevation of privilege | $5,000 - $150,000 | A Device Attack user-installed app second |
| Network attack with user interaction | One-click unauthorized access to sensitive data | $5,000 - $150,000 | Network attack with user interaction First |
| Network attack with user interaction | One-click with elevation of privilege | $5,000 - $250,000 | Network attack with user interaction Second |
| Network attack without user interaction | Zero-click radio to kernel with physical proximity | $5,000 - $500,000 | Network attack without user interaction First |
| Network attack without user interaction | Zero-click unauthorized access to sensitive data | $5,000 - $500,000 | Network attack without user interaction Second |
| Network attack without user interaction | Zero-click kernel code execution with persistence and kernel PAC bypass | $100,000 - $1,000,000 | Network attack without user interaction Third |

Considering donating your reward? Apple matches donations of Apple Security Bounty rewards to qualifying causes — like the Ford Foundation’s Dignity and Justice Fund, which helps combat mercenary spyware.